Controller Smackdown Hitting Private Cloud Near You

At Cloud Expo, IT staffers dig into the enterprise cloud management tools melee and ongoing battle between CloudStack and OpenStack to find some interesting truths.

The only way to suss out which cloud strategy makes sense for your organization is to make some small investments, whether they're in training, hardware, professional services, or software. In a Lean Startup kind of way, large organizations can use these small investments as science experiments. In that spirit, I sent some of my staff to last week's Cloud Expo in New York, mostly to get some hands-on private cloud vendor training, but also to get a sense of where their peers are doing.

As background, our shop uses public cloud infrastructure and software services for several production use cases. We've been slower to adopt private cloud, mostly because there aren't any crystal clear best practices. I'm not a believer in "let's make some stuff up and hope that it sticks." It's important to figure out where most, or a critical mass of major, organizations are going, so that you're not sitting on your own with no peer or industry support once you make larger investments. It's also important not to create "found only here" processes that will confuse and befuddle new staffers.

Point is, it's important to plug into the industry, so off my staffers went. Here's a summary of what they brought back.

Management is critical, but there are no clear answers. We sort of already knew that doing private cloud without some kind of specialized process or management software isn't an option. It's easy enough to spin up some CloudStack or OpenStack cloud controllers, but without the right management, it's a scale-out recipe for disaster. It reminds me of how enterprises deployed fat PCs willy-nilly, with zero management, back in the day, and then freaked out at how labor-intensive PCs could be versus green-screen terminals. Meantime, early adopters of desktop management were sitting pretty.

Enterprise cloud is going to be like that. One of my staffers at Cloud Expo found it maddening that "there were mostly startups with a product that was half built at best or had only small pieces." Like information security years ago, cloud management appears is still a fragmented market. Expect consolidation, but probably not for a few years.

Even with the larger cloud management players, there's no (duh) silver bullet. (If I had a dollar for every time I wrote that phrase over the years....) "We still will have a lot of work to do," wrote one staffer in his report to me. He said to think of the cloud management layer as "providing templates that give us a good best practice starting point. But there still will be the need for customization, maybe quite a bit of it.

And though cloud management vendors can provide a GUI, there's really no getting around your staff having to learn Chef or Puppet, the infrastructure automation tools. Can you really use a PC automation tool like KBOX without understanding PC scripting a little bit? No! Similarly, Chef and Puppet have been incredibly important for some time to those who are automating infrastructure, with or without cloud. But they become even more important in the cloud.

Take your seats for the cloud controller smackdown. OpenStack versus CloudStack is a battle akin to the one around Linux distros. And based on the feedback I received from my staffers who attended the show, the answer, as with Linux, is: It doesn't really matter in the long run.

CloudStack is an open source project that was acquired by Citrix (with the Apache license and governance by the Apache Foundation), sporting community and enterprise editions. Variations on the theme of "what will Citrix do with CloudStack" and "will CloudStack community edition get diluted" tend to be the points of angst, even though Apache ostensibly has say over the base code.

OpenStack is an open source product influenced by hosting provider Rackspace and the Nebula project. The angst about OpenStack has something to do with Rackspace's large and fixed presence on the governance board, and something to do with the fact that there's fragmentation in the code base. There's no distro that you can grab, just repositories of various versions, some of which will be supported by your management software, some of which won't.

During their trip, my staffers met up with lots of folks who were "planning to use OpenStack," which is a very different thing from actually using OpenStack. On the other hand, there were some folks who seemed to have some agita with the expense of CloudStack enterprise edition.

It's not reasonable to expect that your organization won't pay anything for the cloud controllers. Question is, will it be periodic/capital or will it be regular/operating? Currently, it looks like the choice is between CloudStack and ongoing licensing and support, versus OpenStack and professional services (Rackspace is happy to sell ongoing support to you as well).

As one of my staffers pointed out, the eventual victor of this smackdown doesn't really matter. If you choose wrong but have chosen a good management and abstraction layer, you can always move your private cloud, since "servers are software" and can be destroyed and re-created with the right management, automation, and orchestration. With competition comes lower overall pricing, good news indeed for enterprise private cloud shops.

Jonathan Feldman is a contributing editor for InformationWeek and director of IT services for a rapidly growing city in North Carolina. Write to him at jf@feldman.org or at @_jfeldman.

Cloud Connect is expanding to the Windy City. Join 1,200+ IT professionals at Cloud Connect Chicago, where you will learn how to leverage new cloud technology solutions to increase productivity and improve your business agility. Join us in Chicago, Sept. 10-13. Register today!

You've hit on the most important element to a successful cloud strategy - cloud management. A good management layer preserves choice in the infrastructure layer. From what I've seen, it's still a tremendous effort to get any of the open source cloud distros running in production in an enterprise environment. There's a clear choice as there has always been - pay nothing for the controller and spend an awful lot of time and money in customizing it and getting it to work, or pay for the controller and trust that the vendor will be able to deliver.

You still have to engage in a tremendous amount of architecture & config even if you don't pay for the controller. The question is, if an open source solution can be templated and easily deployed (like Apache for the web), why not do it and avoid the capex of the proprietary controller? It is unclear whether open source controllers will be "an awful lot of time and money". What is clear to me is that the meta- and management layer -- whether you use a proprietary or open source solution for the controller layer -- creates ongoing value and therefore is easy to justify as an ongoing expense. The controller? Not so much.

As a former CIO, I would always fear my techy team wandering in a day dream of shinny objects (or cloudy objects). Cloud management is more than technology. It is an opportunity for I.T. and its business customers to rethink how they mutually deliver business value. Shiny objects, low priced open stack or build it yourself are not business strategies that build legendary companies.

Agree, but just as retail business strategies require SOMEONE to think about the on-the-ground processes, I think that SOMEONE needs to think about the technology under the covers of a business technology initiative. I don't buy the notion that low priced, reliable technologies aren't desirable. For many of us, DIY is not desirable, but it's a mistake to think of open source as DIY. As I said above, configuration of a commercial solution can be just as time and cost intensive as an open source solution.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.

Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."